tl;dr
- Leak JWT token through Race Condition.
- Leak authorization token via an open redirect.
- Chaining XSS & CSRF in the OAuth pipeline to leak the admin's OAuth access token.
- RCE via CVE-2023-33733.
headers.set
/?user=
to Get XSS at /helloworld
/?user=<PAYLOAD>
and /helloworld
using cache poisoning or a bug in the regex (unintended)
/profile/
will not change the nonce